//package com.demo.gateway.filter;
//
//import com.demo.gateway.utils.JwtUtils;
//import org.springframework.cloud.gateway.filter.GatewayFilterChain;
//import org.springframework.cloud.gateway.filter.GlobalFilter;
//import org.springframework.core.Ordered;
//import org.springframework.http.HttpStatus;
//import org.springframework.http.server.reactive.ServerHttpRequest;
//import org.springframework.http.server.reactive.ServerHttpResponse;
//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.authority.SimpleGrantedAuthority;
//import org.springframework.security.core.context.ReactiveSecurityContextHolder;
//import org.springframework.stereotype.Component;
//import org.springframework.web.server.ServerWebExchange;
//import reactor.core.publisher.Mono;
//
//import java.util.ArrayList;
//import java.util.Arrays;
//import java.util.List;
//
//@Component
//public class JwtAuthFilter implements GlobalFilter, Ordered {
//
//    private final JwtUtils jwtUtils;
//
//    // 白名单路径（无需认证）
//    private static final List<String> WHITE_LIST = new ArrayList<>(Arrays.asList("/auth/login", "/actuator/health", "/fallback"));
//
//    public JwtAuthFilter(JwtUtils jwtUtils) {
//        this.jwtUtils = jwtUtils;
//    }
//
//    @Override
//    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
//        ServerHttpRequest request = exchange.getRequest();
//        String path = request.getURI().getPath();
//
//        // 白名单直接放行
//        if (WHITE_LIST.stream().anyMatch(path::startsWith)) {
//            return chain.filter(exchange);
//        }
//
//        // 获取Token
//        String token = getTokenFromHeader(request);
//        if (token == null || !jwtUtils.validateToken(token)) {
//            return unauthorized(exchange, "无效的令牌");
//        }
//
//        // 解析Token并设置认证信息
//        String username = jwtUtils.getUsernameFromToken(token);
//        Authentication auth = new UsernamePasswordAuthenticationToken(
//                username, null, new ArrayList<>(Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")))
//        );
//
//        // 将认证信息存入上下文
//        return chain.filter(exchange)
//                .contextWrite(ReactiveSecurityContextHolder.withAuthentication(auth));
//    }
//
//    private String getTokenFromHeader(ServerHttpRequest request) {
//        String authHeader = request.getHeaders().getFirst("Authorization");
//        if (authHeader != null && authHeader.startsWith("Bearer ")) {
//            return authHeader.substring(7);
//        }
//        return null;
//    }
//
//    private Mono<Void> unauthorized(ServerWebExchange exchange, String message) {
//        ServerHttpResponse response = exchange.getResponse();
//        response.setStatusCode(HttpStatus.UNAUTHORIZED);
//        response.getHeaders().add("Content-Type", "application/json");
//        String body = "{\"code\":401,\"message\":\"" + message + "\"}";
//        return response.writeWith(Mono.just(response.bufferFactory().wrap(body.getBytes())));
//    }
//
//    @Override
//    public int getOrder() {
//        return -200; // 优先级高于限流和熔断
//    }
//}